Privacy Notices

We are the data controller of the personal data we hold about you. We are The Northern College for Residential Adult Education Ltd. Our address is Wentworth Castle, Lowe Lane, Stainborough, Nr Barnsley S75 3ET.

Our Data Protection Officer is Sarah Johnson. If you have any queries about this notice or how we are using your personal data please contact our Data Protection Officer on 01226 776005 or at dpofficer@northern.ac.uk.

This privacy notice has been prepared in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Data Protection Act 2018.

The College is registered as a data controller under the Data Protection Act 2019, our registration number of Z6656286. This means that the purposes for which the College collects and processes personal data are notified to and registered with the Information Commissioner’s Office (ICO).

The data we collect will only be used for the purposes outlined in this privacy notice. If the College intends to further process the data for a purpose which is incompatible with that outlined we will notify you of our intentions and the rights you have in relation to any further processing.

You have a range of rights over the data we hold about you, please see our A Guide to Your Rights – Personal Data for further information and how to exercise them.

We keep our privacy notice under regular review. Any changes we make will be displayed on our website and notified to you by email where appropriate. A log of changes to our privacy notices can be found in our Privacy Notices Log.

This privacy notice sets out the personal data the College collects about its students and how that data is used and protected.

What data do we collect from you?

When you apply for a course

As part of your admission to the College we will collect your personal details, this may include:

• your name, address, email address, telephone, date of birth, national insurance number, gender, ethnicity, disability, nationality, sexual orientation, religious belief, learning support needs, learning styles, employment status, LEA, benefits data, dietary requirements, where English is not first language, if you are a lone parent or asylum seeker, your refugee status, any offending background/previous convictions, health information, previous substance misuse, marital status, residency status, vehicle details for parking purposes, employment history, education history and qualifications, emergency contact details, voluntary work details, interests, references, where appropriate your carer details.
• where appropriate as part of our residency eligibility checks we may ask for official douments such as driving license or passport.
• where it is relevant to your course we may ask about your trade union membership.
• if you are applying for a tailored learning course we may collect information about the community group you are part of in order to fund your course.
• we also collect and store your photo at the point you enrol and this is used to produce a College ID badge, which is required to access various college services. These photos will not be used for marketing or any commercial purpose. If your course requires photographs, video or audio records to be created, these will
• be stored securely and only used in order for you to achieve your qualification. Any other photographic or video content collected will require your specific consent to be used by the College.

Whilst you are studying at the College 

In order to manage and administer your education at the College we will collect further data, this may include:

• course work, grades and results, exam entry details and results, attendance, tutor/personal tutor feedback, library usage, safeguarding information, accidents and injuries, first aid information, behavioural information, learner support needs, other support needs, placement data, withdrawal details, ICT usage.
• in order to manage the financial arrangements related to your study at the College we may also collect and process your funding information, bank details, travel expenses details, student loan information, your benefits and income data (or those of your household) and in some cases evidence.
• if you access additional learning support whilst you are studying at the College we may collect and process further information including detailed health information, disabilities and support provided.
• we use CCTV at our site for the purposes of crime prevention, security and health and safety and, accordingly, may capture imagery of you whilst you are at the College. Our entry system also records location data.

How we use your data 

We will use your personal data;

• to manage and process your application to the College;
• to manage and administer your education whilst you are studying at the College. This will include communicating with you, managing your classes and timetable, putting together reports and registers, exam and assessment arrangements, personal tutoring, accessing the library, accessing ICT, accessing additional learning support and general student support, accessing accommodation and catering facilities, safeguarding, health and safety, security, first aid, parking, managing behaviour, monitoring performance, handling complaints, ensuring equality;
• to ensure your place is appropriately funded, and to pay/receive payment from you;
• for the purposes of teaching you and measuring your achievements;
• to provide you with additional learning support;
• to maintain the health, safety and security of the College and all its users.

We treat your personal data with confidentiality. The data described in this notice will only be used for the purposes outlined.

Marketing our courses to you 

Where you have previously studied at the College or commenced an application process with us before, then we will send you information about the courses we provide on the basis of our legitimate business interests. In doing so, we will comply with the requirements of the ‘soft opt in’ and offer you an opportunity to refuse marketing, both when your details are first collected and in every subsequent message, by giving you a clear and straightforward way to unsubscribe.

Any other marketing we carry out will be on the basis of consent.

Monitoring your use of the College ICT 

We monitor how you use the College’s ICT systems and equipment and what websites you go on when you are browsing the internet at College. This is because we have legal obligations to protect you, and we also have a legitimate interest in making sure you are using our computer equipment correctly and that you are not looking at any inappropriate content.

Further information please see our website privacy notice and ICT user, bring your own device and e-safety policies.

What is our legal basis for processing your data?  

Generally, the data we collect about you is processed as part of our public interest task of providing education to you.

Where we collect health data this is defined as special category data we will process it because there is substantial public interest for us to do so.

Where we collect data to enable us to ensure and monitor equality of opportunity and treatment e.g. your ethnicity, disability, religious belief, sexual orientation this is defined as special category data. We process this data on the grounds that it is in the public interest, specifically by enabling us to identify and keep under review the existence or absence of equality of opportunity or treatment.

We also collect and process some personal data on the basis that we need to do so in order to comply with our legal obligations.

How we store and secure your data 

Student personal data is held electronically in password protected systems which are accessed by authorised College staff only. Hard copy student data is stored securely and accessed by authorised College staff only. Please see our data security statement for further information.

The College uses software systems to process some of its personnel data which are provided by the following third party suppliers:

• UNIT-e – student management system;
• Heritage – library management system;
• Corero Resource 3200 – finance system.

Where appropriate the College has written agreements in place to ensure the protection of any data included which can be accessed by the provider. The providers do not have any routine access to the data processed by the software other than in the course of the provision of technical support and system development.

Does anyone else process your data?

The College uses third parties to process personal data on its behalf and to provide services to you. An example of this would be a software company who provides a monitoring system which tracks the work you are completing, supporting your studies and enabling you to achieve. Where we use third party processors we have an appropriate contract in place. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.

We also use Russell Richardson Ltd to confidentially dispose of any hard copy data; this may include your personal data.

Who do we share your data with? 

We do not share information about our students with anyone unless the law and our policies allow/require us to do so.

Your information may be shared internally, including with any College staff member who needs the data to provide services to you.

We may share your personal data with the following organisations (or types of organisation) for the following purposes:

• ESFA – if your course is funded by the ESFA we will share some of your data with the ESFA for the purposes of funding your education. Please see the ESFA privacy notice for information about how they manage your data. The information you supply is used by the Education and Skills Funding Agency, an executive agency of the Department for Education (DfE), to issue you with a Unique Learner Number (ULN) and to create your Personal Learning Record, as part of the functions of the DfE. For more information about how your information is processed, and to access your Personal Learning Record, please refer to the learning records service privacy notice.
• Student Loans Company – if you have applied for a student loan we will share some of your data with the Student Loan Company in order to enable you to access your loan. Please see the SLC privacy notice for information about how they manage your data.
• University of Huddersfield – if you are attending a higher education course validated by the University of Huddersfield we will share your data with them for the purpose of securing funding and enabling you to access your course and gain your qualification. Please see the University of Huddersfield privacy notice for information about how they manage your data.
• Awarding bodies – if your course is accredited we will share some of your data with the relevant awarding body for the purpose of enabling you to gain your qualification.
• If your course is funded by a local authority we may share some of your data with them in order to enable us to access the funding for your education.
• If your course is funded by your trade union we may share data with them regarding your attendance and achievement.
• If you have a serious accident whilst at College we may need to share that data with the Health and Safety Executive.
• We may be required to share your contact details with NHS Test and Trace to enable them to identify and contact people who may have been exposed to the coronavirus.
• We may be required to share your data with law enforcement agencies.

We may also share your personal information with third parties who provide services to the College as follows:

• Thomas Franks Ltd – we may share some of your data with the company who provide our catering services, for example your dietary requirements, in order to enable them to provide appropriate catering services for you;
• Constant Security – we may share some of your data with the company who provide our security services in order for them to be able to provide effective security services for you.
• The College’s audit providers – our auditors may view your data as part of their audit of our services.

Where we share your data with third party service providers we will have a written contract in place to ensure the protection of your personal data.

Do we transfer your data outside Europe?

We do not store or transfer your personal data outside Europe.

Is your data used to make automated decisions?

We do not make automated decisions using the data outlined in this notice.

How long will we keep your data? 

We will not keep your personal information for longer than we need it for the purposes we have explained above.

We will retain your personal data in line with our retention schedule. Retention periods depend on the nature of the data being retained; in many cases we will retain your data for six years following the completion of your course.

What if I do not provide personal data?

Failure to provide data required to meet legal obligations will result in us not being able to enrol you as a student. Failure to provide other information (except that requiring consent), for example additional learning support information, may result in the College being unable to provide the standard of service we would wish to.

This privacy notice sets out the personal data the College collects about its Personnel and how that data is used and protected.

Personnel is defined as any College employee, worker or contractor who accesses any of the College’s personal data and will include employees, consultants, contractors and temporary personnel hired to work on behalf of the College.

What data will we collect from you – Job Applicants 

We will collect personal data from you when you apply for a job with us.  This will include your name; address; phone number; email; date of birth; NI number; current employment details including job title, start and end dates, current salary, notice period, reason for leaving; past employment details; education details; whether you are related to any personnel of the College or governing body; references; driving license; vehicle ownership.

We will also ask you if you would like to provide us with data regarding any disabilities you may have and whether there are any special arrangement you require for interview; plus your gender, ethnicity religion/belief and sexual orientation.

What data will we collect from you – College Employees 

We will collect additional personal data from you when you are offered a position and once you become an employee at the College.  This may include your marital status; previous surname(s); next of kin and contact details; bank details; pension details; other employment; certifications/qualifications, photograph; disqualification information; voluntary salary reductions; student loan details; attachment to earnings data; medical information; car registration, make and model; car insurance details; tax code data; pre‑employment health questionnaire/medical report; criminal record details.

Over the course of your employment we will store and process personal data about you which may include appraisal/performance management; training & development records; travel expenses; contract details; working time; annual leave; travel expenses; changes to your terms and conditions.

This could also include disciplinary, grievance, capability details, sickness absences, maternity/paternity/adoption information; accidents and injuries at work; health information; flexible working; exit interviews; return to work notifications; parental leave request forms; occupational health records.

We use CCTV at our site for the purposes of crime prevention, security and health and safety and, accordingly, will capture imagery of personnel whilst they are at the College. Our door/car park entry system also records location data.

How will we use your data 

We will use your personal data set out above as follows:

• for the recruitment process and for carrying out pre‑employment checks;
• for safeguarding students;
• for checking your identity and right to work in UK;
• for checking your qualifications;
• to keep an audit trail of the checks we have made and our relationship with you in case of employment claims;
• to set up payroll and pension and to reimburse expenses;
• for dealing with HMRC;
• for communicating with you;
• for carrying out our role as your employer or potential employer.

What is our legal basis for this processing?

Generally, the data we collect is processed on the basis that it is necessary for performing our employment contract with you, or it is necessary to take steps before entering into a contract with you.

We also collect and use personal information on the basis that we need to do so in order to comply with our legal obligations.

Where we collect medical/health data this is defined as special category data. We collect and process this on the grounds that it is necessary for carrying out our obligations under employment law and/or necessary to assess the working capacity of employees. In some circumstances we may request your consent.

Where we collect data to enable us to ensure and monitor equality of opportunity and treatment e.g. your ethnicity, disability, religious belief, sexual orientation this is defined as special category data. We process this data on the grounds that it is in the public interest, specifically by enabling us to identify and keep under review the existence or absence of equality of opportunity or treatment.

How will we store and secure your data? 

All the above data is held electronically in password protected systems which are accessed by authorised College staff only. Some hard copy information is also retained, where this is the case it is stored in a locked area which is accessed by authorised College staff only.

The College uses software systems to process some of its personnel data which are provided by the following third party suppliers:

Corero Resource 3200 – finance system

UNIT-e – student management system;

The College has a written agreement in place to ensure the protection of any data included which can be accessed by the provider. The providers do not have any routine access to the data processed by the software other than in the course of the provision of technical support and system development. This includes an online, two stage security validation system.

Does anyone else process your data 

When you apply for a job with us we use the Association of Colleges’ (AoC) Education Recruitment System to process your data. We have a third party data processing agreement in place with the AoC which includes relevant clauses to ensure the protection of your personal data. Please note you may have also registered using the AoC system to access roles more generally across the FE sector, if this is the case your data is also processed by the AoC and you should review the relevant AoC privacy notice. 

We use Cintra HR & Payroll Services Ltd to process payments in our payroll system.

We use Russell Richardson Ltd to confidentially dispose of any hard copy data; this may include your personal data.

Where we use third party processors we have an appropriate contract in place. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.

Who do we share your data with? 

We do not share information about our personnel unless the law and our policies allow/require us to do so.

We may share the personal information that you give us with the following organisations (or types of organisation) for the following purposes:

• We will share information with HM Revenue and Customs for the purposes of administering your tax and national insurance arrangements.
• Where you are a member we will share relevant information with the Universities Superannuation Scheme for the purpose of administering your pension arrangements.
• Where you are a member we will share relevant information with the South Yorkshire Pensions Authority for the purpose of administering your pension arrangements.
• Where appropriate we may share your contact details with our security services provider.
• We may be asked to share personal data about you with the National Office for Statistics as part of our statutory duties.
• We may be required to share your data with law enforcement agencies.
• We may be required to share your data with NHS Test and Trace to enable them to identify and contact people who may have been exposed to the coronavirus.

We may also share your personal information with third parties who provide services to the College as follows:

• In some circumstances the College may engage the services of an occupational health provider or medical practitioner, where it is proposed that this is undertaken the human resources department will ensure that the individual concerned is provided with full details of the provider, an outline of any data to be shared/requested and be asked to provide their consent where appropriate.
• From time to time the College may use the services of a third party recruitment agency. This is for the purpose of recruiting and employing personnel. Where this is the case we may share information about the individual employees concerned. The College will have a written contract in place with any provider utilised which will include appropriate clauses to ensure the protection of personal data.
• The College’s audit providers may view your data as part of their audit of the College.

Is your data transferred outside of Europe 

We do not store or transfer your personal data outside Europe.

Is your data used to make any automated decisions?

We do not make automated decisions using the data outlined in this notice.

How long will we keep your data?

We will not keep your personal information for longer than we need it for the purposes we have explained above.

When you apply for a job with us, but your application is unsuccessful, we will normally keep your personal information for six months. In exceptional circumstances we may ask if we can retain your information for longer, for example if we think there may be a future vacancy you might be interested in. In such a case we would request your specific consent.

When you are an employee we will keep your personal information in line with our data retention schedule.

This privacy notice sets out the personal data the College collects about its governors and how that data is used and protected.

What data will we collect? 

We will collect data from you when you become a governor of the College or an independent member of a governor committee. This will include:

• Contact Details – to enable us to contact you regarding meetings and other relevant activities;
• Home address, nationality, occupation, country of residence – to register you with Companies House and the Charity Commission;
• Ethnicity and Disability – to monitor diversity and build an accurate picture of the make-up of the Board of Governors and assess the effectiveness of the College’s equal opportunities policy;
• Date of Birth – to register you as a director of the company with Companies House and a trustee of the charity with the Charity Commission. We will also use your date of birth to create an anonymised age profile for the Board of Governors which is published in the governance annual report;
• Next of Kin/Contact Details – in case of an emergency whilst you are on College premises;
• Legal Actions – to enable us to arrange insurance cover for your work as a governor;
• Criminal Convictions – in order to establish whether you are eligible to serve as a governor/trustee/director;
• Skills – to monitor the balance of skills and expertise of the Board of Governors as a whole and to identify any gaps;
• Other Interests e.g. current employment, membership of professional bodies, directorships – to enable the identification of possible conflicts of interest. This information is not routinely shared but is made available to the public for inspection on request. Specific interests declared in meetings relating to items to be considered at that meeting will be recorded in the minutes which are publically available unless they are deemed confidential.
• Bank details – if you claim travel expenses we will collect your bank details in order to reimburse you;
• Photograph – images of you (photos or videos) may be used to promote the role and identity of governors inside the College and externally in publicity material. These images will be stored securely. We will request your consent to process your personal image, which you can withdraw at any time by contacting the Clerk to the Governors. Where you withdraw your consent, or your appointment terminates, the College will make reasonable efforts to cease processing your image.
• Attendance – we have a contractual requirement to collect attendance data which we are required to publish in our Annual Report and Financial Statements;
• Third party payments to governors and payment of expenses – we have a contractual requirement to publish related party payments and expenses under our funding agreement with the Education and Skills Funding Agency. Any payment of expenses to governors or related third parties are published in the College’s annual reports and financial statements;
• Car registration, make and model – to enable you to use the car park.

We use CCTV on our site for the purposes of crime prevention, security and health and safety. We may therefore capture images of you whilst you are at the College. We have a CCTV Code of Practice which enables us to ensure the data captured is managed securely and appropriately. Our door/car park entry system also records location data.

The data described in this notice will only be used for the purposes outlined. If the College intends to further process the data for a purpose other than that outlined we will notify you of the intention and the rights you have in relation to any further proposed processing.

We will not use the data to make any automated decisions about you.

How will we use your data?

As well as the specific purposes outlined above we will use your data:

• for recruitment to the post of Governor (including carrying out disqualification checks);
• for the safeguarding of students;
• to contact you in connection with board and committee business;
• to conduct performance monitoring;
• for inclusion in the minutes of the board and committees;
• for inclusion in the College’s annual report and financial statement and other board and committee papers;
• to maintain a register of interests;
• to produce identification badges;
• for use in promotional materials;
• to inform reports and returns required by funding agencies, government departments and public bodies;
• to provide information to banks;
• to monitor and promote equality and diversity;
• for inclusion in the College’s publication scheme (as required by the Freedom of Information Act 2000);
• for approval and ratification of funding bids to UK funding bodies;
• to confirm accommodation, dietary and access requirements for events;
• to book training events; and
• to add you to any relevant mailing lists.

Our legal basis for processing 

We process your contact details, home address, country of residence, date of birth, nationality, legal actions/criminal convictions, occupation and other interests in order to comply with the law.

We process your ethnicity, disability and skills data in order to deliver a public task.

We process your photograph and next of kin details on the basis of your explicit consent.

We process attendance data, third party payments to governors, payment of expenses and bank details in order to deliver a contract.

We process CCTV images and car registration, make and model on the basis of our legitimate interests for maintaining the security of our site.

How the data will be stored and secured

All the above data is held electronically in password protected systems which are accessed by authorised College staff only. Some hard copy information is also retained, where this is the case it is stored in a locked area which is accessed by authorised College staff only.

Your bank details are stored in the College finance system which is password protected and only accessed by authorised College staff.

We do not store or transfer your personal data outside of Europe.

Will we share the data? 

We may share your data with the following organisations (or types of organisation) for the purpose specified:

• Companies House – in order to register you as a director of the company we are required to share your name, title, occupation, date of appointment, nationality, date of birth, home address and country of residence with Companies House. Companies House will publish your name, date of birth, date of appointment, nationality, occupation and country of residence as a director of the company on their website (company number: 1339524), and link it to any other company for which you are appointed as a director. The Companies House privacy notice is available on their website.
• Charity Commission – in order to register you as a trustee of the charity we are required to share your title, name, address, date of birth and the date of your appointment as a trustee with the Charity Commission. The Charity Commission will publish your name as a trustee of the college on their website, and link it to any other charity for which you are appointed as a trustee. (Charity Number: 507245). The Charity Commission privacy notice is available on their website.
• Financial statements – we will publish attendance data and details of any third party transactions and expenses in our annual report and financial statements.
• The email contact for the chair of the Board of Governors may be made available to the FE Commissioner and relevant contacts at the Education and Skills Funding Agency on request where they need direct contact with the chair. Contact details for the chair of the Board of Governors and chair of the Audit Committee may be made available to the College’s internal and/or financial statement auditors. We will always request out of date data to be deleted when we provide data about a new appointment.
• The College’s register of interests is available for public inspection on request.
• We may share data regarding legal actions with our insurance provider in order to arrange insurance cover for your work as a governor.
• Other governors may be able to see your email address if group emails are sent that expose your address; and they may use this for the purpose of contacting other governors solely to progress the business of the College.
• We may be required to share your data with law enforcement agencies.
• We may share your name, date of birth and address with the College’s bankers to enable them to fulfil their responsibilities under the Proceeds of Crime Act, the Prevention of Terrorism Act, Money Laundering Regulations or any other relevant legislation.
• We may be required to share your data with NHS Test and Trace to enable them to identify and contact people who may have been exposed to coronavirus.

Does anyone else process your data?

We use Russell Richardson Ltd to confidentially dispose of any hard copy data; this may include your personal data.

Where we use third party processors we have an appropriate contract in place. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.

How long will we keep the data? 

We will not keep your data for any longer than we need it for the purposes outlined. Our Retention Schedule sets out the retention periods that we have set for the different types of data we hold.

In general we retain your data for the period of your appointment plus six years. We retain records of the conduct and proceedings of meetings (e.g. minutes) which may contain your name for 50 years and statutory records and registers including the register of directors and secretaries and register of members and directors’ interests for the lifetime of the institution.

If you apply for a governor role with us, but your application is unsuccessful, we will keep your personal information for six months after the application process concludes.

We retain CCTV images in line with regulations.

This privacy notice sets out the personal data the College collects about visitors to its site and how that data is used and protected.

What data will we collect? 

We will collect data from you when you visit the College. This may include your name, car registration number and the organisation you are representing where appropriate. We will also record who you are visiting, when you arrive and when you leave.

Where you don’t check in using the official NHS QR code we will collect your contact details for the purpose of contract tracing by NHS Test and Trace.

We use CCTV on our site for the purposes of crime prevention, security and health and safety. We may therefore capture images of you whilst you are at the College. We have a CCTV Code of Practice which enables us to ensure the data captured is managed securely and appropriately.

How we will use the data? 

We collect this data so we can effectively manage your visit to the College and to ensure the safety and security of the site, yourself and other people.

We will not use the data to make any automated decisions about you.

Any contact details we collect as required by NHS Test and Trace may be used by them for the purposes of identifying and contacting people who may have been exposed to the coronavirus.

Our legal basis for processing 

We collect and process this data on the basis of our legitimate interests to manage our site and maintain safety and security.

How the data will be stored and secured

The data will be held electronically in a password protected system which will only be accessed by authorised College staff.

We do not store or transfer your personal data outside of Europe.

Does anyone else process your data?

We use Russell Richardson Ltd to confidentially dispose of any hard copy data; this may include your personal data.

Where we use third party processors we have an appropriate contract in place. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.

Will we share the data? 

We may share your data with the following organisations (or types of organisation) for the purpose specified:

Organisation/Type of Organisation: Constant Security Ltd (the College’s third party security provider)

Purpose: To provide security services at the College.

We may be required to share your details with NHS Test and Trace to enable them to identify and contact people who may have been exposed to the coronavirus.

We may be required to share your data with law enforcement agencies.

How long will we keep the data? 

We will not keep the data for any longer than we need it for the purposes outlined. Our Retention Schedule sets out the retention periods that we have set for the different types of data we hold.

We retain data about visitors for one year.

We retain CCTV images in line with regulations.

We will retain contact details required by NHS Test and Trace for 21 days.

This privacy notice sets out the personal data the College collects and processes in relation to marketing and promotion.

Marketing and Newsletters 

If you have previously studied at the College or commenced an application process with us we may use the contact information you provided to send you further information about other courses we offer. We will do this on the basis of our legitimate business interests. In doing so, we will comply with the requirements of the ‘soft opt in’ and offer you an opportunity to refuse marketing, both when your details are first collected and in every subsequent message, we will do this by giving you a clear and straightforward way to unsubscribe.

For all other promotional activities we will ask for your consent to process your personal data for marketing purposes. This means you have the right to withdraw your consent, or to object to the processing of your personal data for this purpose at any time.  We will include details of how to do this every time we contact you. We will collect your name and contact details. We will only use this data to provide you with the service for which you subscribed.

We use MailChimp to manage our email marketing services and newsletters. If you sign up for any of our newsletters or email marketing services the email address that you submit will be forwarded to MailChimp and will not be stored within the College’s own website database or in any of our internal computer systems for purposes of receiving the email newsletter. Your email address will remain within MailChimp’s database for as long as we continue to use MailChimp’s services for email marketing or until you specifically request removal from the list.

Any newsletter style emails and mailings sent via MailChimp may contain tracking facilities within the actual email. Subscriber activity is tracked and stored in a database for future analysis and evaluation. Such tracked activity may include: the opening of emails, forwarding of emails, the clicking of links within the email content, times, dates and frequency of activity and other measures that help to inform our communications and to refine future email campaigns with more relevant content based around their activity.

Website Analytics

When you visit our website www.northern.ac.uk, we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out such things as the number of visitors to the various parts of the site. This information is only processed in a way that does not directly identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.

Apply on-line 

If you use our apply on-line facility or make an online enquiry the data you provide is stored temporarily in a secure database prior to it being accessed and processed by our admissions team. For details of the data collected and how it is processed please see our privacy notice – students.

User data

In addition we collect your IP address, the browser type and device you are using and its resolution. We only collect this in order to improve the security and usability of our website and it cannot be used to identify who you are.

Cookies

We use cookies on our website to enhance your experience of our site. Cookies are small text files which are placed on your device (for example your iPad or laptop) in order to make your online browsing easier. Most websites do this. Cookies cannot be used to identify who you are.

Some cookies on the site are essential, and the site won’t work as expected without them. These cookies are set when you submit a form, login or interact with the site by doing something that goes beyond clicking on simple links.

We also use some non-essential cookies to anonymously track visitors or enhance your experience of the site.

We will not use cookies to collect personally identifiable information about you.

We use a cookies tool on our website to gain consent for the optional cookies we use. Cookies that are necessary for functionality, security and accessibility are set and are not deleted by the tool.

You can change your cookie preferences at any time by clicking on the ‘C’ icon. You can then adjust the available sliders to ‘On’ or ‘Off’, and click ‘save and close’. You may need to refresh your page for your settings to take effect.

Alternatively, most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set, visit the www.aboutcookies.org or the All About Cookies website.

Photographs and Case Studies 

We use images, film and case studies in a range of materials to promote Northern College. This includes (but is not limited to) advertisements and other publicity materials such as leaflets, e-newsletters, brochures and posters, direct mail, reports newspapers, magazine articles, television programmes and publications for the Internet. We will also share images, case studies and film with partners and the media to communicate our work.

We will always ask you to provide written consent for us to use any of your personal data in this way. You can withdraw your consent at any time. However, we may not be able to remove images from internet platforms or publications already in circulation.

What is our legal basis for this processing?

The lawful basis we rely on to process your personal data for marketing purposes is either consent, for example for the optional cookies we use on our website or to send you a newsletter, or our legitimate interests for example in order to maintain the integrity of our IT systems and the continuity of our business, or to send you information about other courses you may be interested in.

How we store and secure your data

Electronic data for marketing purposes is secured in password protected systems accessed by authorised College staff only.

Where you sign up for a newsletter or email marketing your data will be stored by Mailchimp in their secure systems.

Who do we share your data with?  

We do not share any of the data you have provided to us for marketing purposes with any other organisations.

Does anyone else process your data?

As described above we use MailChimp to deliver our newsletters and e-marketing services.

We also use Russell Richardson Ltd to confidentially dispose of any hard copy data; this may include your personal data.

Where we use third party processors we have an appropriate contract in place. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.

Do we transfer your data outside Europe?

We do not store or transfer your personal data outside Europe.

Is your data used to make automated decisions?

We do not make automated decisions using your data.

How long will we keep your data?

For information about how long we will keep your data please see our data retention schedule.

Your email address will remain within MailChimp’s database for as long as we continue to use MailChimp’s services for email marketing or until you specifically request removal from the list.

This privacy notice sets out the personal data the College collects about its suppliers and how that data is used and protected.

What data will we collect? 

In order to engage and manage our suppliers, where you are a supplier (or where if it is a company, you are its representative) we collect and store your contact information and, where appropriate, your bank account details.

You may also be asked to provide details of your occupation and your CV.

How we will use the data? 

We store and use your data for the purposes of managing our suppliers in respect of the supply of goods and services that our College may need.

We do not make automated decisions using the data outlined in this notice.

Our legal basis for processing 

Except in the circumstances highlighted below, we process this information on the basis of our legitimate interests:

• we have a legitimate interest in engaging and managing our suppliers; and
• to be able to do so, we need to hold details of who those suppliers are.

Where we are required by law to hold certain records for health and safety purposes, then we hold those records to comply with that statutory obligation.

Where we hold your bank account details, we do so on the basis that it is necessary for us to perform our contract with you.

How the data will be stored and secured

We do not store or transfer your personal data outside of Europe.

Data is held electronically in password protected systems which are accessed by authorised College staff only. Hard copy data is stored securely and accessed by authorised College staff only. Please see our data security statement for further information.

Will we share the data? 

We do not share this data with anyone without consent unless the law and our policies allow us to do so.

We may share data with third parties who provide services to the College as follows:

• Bankers – we will share your bank account details with our bankers in order to process payments.

The College uses software systems to process some of its personnel data which are provided by the following third party suppliers:

Corero Resource 3200 – finance system.

Where appropriate the College has written agreements in place to ensure the protection of any data included which can be accessed by the provider. The providers do not have any routine access to the data processed by the software other than in the course of the provision of technical support and system development.

How long will we keep the data? 

We will not keep the data for any longer than we need it for the purposes outlined. Our Retention Schedule sets out the retention periods that we have set for the different types of data we hold.

In general we retain data related to the processing of financial transactions with suppliers for 7 years.